
Made By Muhammad Nafees


Friday 2 December 2016

Restrict RDP Access by IP Address

Create Firewall Rule

To maintain your existing Remote Desktop connection to the server, an Allow rule needs to be created first and the IP restrictions added to it. Once these have been created, the rule is switched to Block so that it blocks all IPs except the ones you left open in your restriction rules.

  1. Connect to your server via RDP.
  2. Open Windows Firewall with Advanced Security.
  3. Click on Inbound Rules in the left pane.
  4. In the Actions menu click on New Rule...
  5. Select the Port radio button and click Next.
  6. Select the Specific local ports radio button and enter 3389 into the box.
  7. Click Next.
  8. Leave the Allow the connection radio button on the Action screen selected and click Next.
  9. On the Profile screen leave Domain, Private and Public checked and click Next.
  10. On the Name screen give your new rule a name such as "CUSTOM RDP BLOCK".
  11. Click Finish.

The new firewall rule has now been created and the IP restrictions need to be added.

Creating Your IP Restrictions

Due to our Domain Policy, the IP restrictions that will be added will block IP ranges around the IP addresses you need to leave open. Before starting this step we suggest making a note of these IP ranges to ensure you do not restrict access to incorrect IP addresses.

The ranges will need to be entered in ascending order. The first IP range will start at 0.0.0.0 and end at the IP address one below the IP you'd like to allow. For example, if you want to allow 60.73.200.19, your first range will be 0.0.0.0-60.73.200.18. Your next IP range will start one IP address after the IP you want to allow and end one below the next IP you want to allow. The final IP range will end with 255.255.255.255.

You will need to allow the IP range of 208.88.72.0-208.88.76.255 to ensure that our tools and support department have the ability to connect to your server.
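
The range arithmetic described above is easy to get wrong by one address, so it can be computed and checked before anything is typed into the Scope tab. The following Python script is an added example, not part of the original post; the function names `block_ranges` and `is_blocked` are illustrative, and the sample input is the two allowed entries used in the text.

```python
import ipaddress

MAX_IPV4 = 2**32 - 1  # 255.255.255.255 as an integer


def block_ranges(allowed):
    """Return the ranges to block, in ascending order, as "From-To" strings.

    `allowed` holds single addresses ("60.73.200.19") or inclusive
    ranges ("208.88.72.0-208.88.76.255") that must stay reachable.
    """
    spans = []
    for item in allowed:
        first, _, last = item.partition("-")
        lo = int(ipaddress.IPv4Address(first.strip()))
        hi = int(ipaddress.IPv4Address((last or first).strip()))
        if lo > hi:
            raise ValueError(f"range is reversed: {item}")
        spans.append((lo, hi))

    blocked = []
    cursor = 0  # lowest address not yet covered by any range
    for lo, hi in sorted(spans):
        if lo > cursor:  # everything below this allowed span is blocked
            blocked.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)  # adjacent or overlapping spans leave no gap
    if cursor <= MAX_IPV4:  # final range ends at 255.255.255.255
        blocked.append((cursor, MAX_IPV4))
    return [f"{ipaddress.IPv4Address(a)}-{ipaddress.IPv4Address(b)}"
            for a, b in blocked]


def is_blocked(addr, ranges):
    """True if `addr` falls inside any "From-To" range in `ranges`."""
    ip = ipaddress.IPv4Address(addr)
    for r in ranges:
        first, last = r.split("-")
        if ipaddress.IPv4Address(first) <= ip <= ipaddress.IPv4Address(last):
            return True
    return False


if __name__ == "__main__":
    # Allowed entries taken from the text above.
    allowed = ["60.73.200.19", "208.88.72.0-208.88.76.255"]
    ranges = block_ranges(allowed)
    for r in ranges:
        print(r)
    # Sanity check before switching the rule to Block.
    assert not is_blocked("60.73.200.19", ranges)
```

Running `is_blocked` against the address you are currently connecting from is a quick way to confirm you will not lock yourself out when the rule is switched to Block.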

  1. Right click on the new firewall rule you just created above and click Properties.
  2. Click on the Scope tab.
  3. Under the Remote IP address section select the These IP addresses option.
  4. Click the Add... button.
  5. Select the This IP address range radio button.
  6. Enter your first IP range into the From and To boxes.
  7. Repeat for each remaining IP range, leaving open all the IPs required and the IP range for our tools and support department.
  8. When all your IP ranges are entered click the OK button.

Your IP restriction rules are now in place to allow all IP addresses outside of the ranges that were added. The firewall rule now needs to be switched from Allow to Block.

Switch Firewall Rule from Allow to Block

  1. Right click on your firewall rule and select Properties.
  2. On the General tab, under Action, switch the radio button from Allow the connection to Block the connection.
  3. Click OK.

If you are still connected to the server via Remote Desktop after switching the firewall rule to Block the connection, your rule is working correctly.
